Users Guide

PMem security
Topics:
Memory mode
App-direct
Cryptographic erase and PMem sanitize
Memory mode
In Memory mode, PMems operate as volatile system memory. A user passphrase is not supported, and this BIOS setting is
greyed out.
App-direct
Users have the option to enable Passphrase protection of PMem regions. The intent of the passphrase is to protect against
unauthorized access to data stored on the PMem region. If the PMems are moved from one server to another server, the user
must re-enter the security passphrase in BIOS setup before the data can be accessed.
Whether or not the customer chooses to enable passphrase protection, BIOS locks the PMem before booting to the operating
system or UEFI Shell. This means that all security changes are controlled by the Dell BIOS, and operating system-level
security changes, including passphrase management and PMem erasing functions, are not supported. All these functions must
be driven through the BIOS setup.
NOTE: As mentioned in section DIMM Configuration Changes, the only migration scenario that is supported is a slot-for-slot
replacement between motherboards. Adding or removing individual PMems for any reason will likely result in data loss
and trigger the need for goal and security reconfiguration.
The passphrase to lock or encrypt the data at rest on the PMem in App-direct is configurable in the BIOS setup. If the field is
not empty, the supplied passphrase is used on every boot to attempt to unlock all PMems in the system.
The following use cases are related to unsupported migration scenarios:
When changing the passphrase in the BIOS setup, the existing passphrase only needs to be entered once per session. Entering
and exiting the field multiple times will not prompt for the passphrase again (until the next boot session).
The passphrase can be cleared by entering an empty string in the BIOS setup passphrase field.
NOTE: To clear the passphrase, keep the passphrase field blank and press Enter.